As used herein, the terms “user equipment” and “UE” might in some cases refer to mobile devices such as mobile telephones, personal digital assistants, handheld or laptop computers, and similar devices that have telecommunications capabilities. Such a UE might consist of a device and its associated removable memory module, such as but not limited to a Universal Integrated Circuit Card (UICC) that includes a Subscriber Identity Module (SIM) application, a Universal Subscriber Identity Module (USIM) application, or a Removable User Identity Module (R-UIM) application. Alternatively, such a UE might consist of the device itself without such a module. In other cases, the term “UE” might refer to devices that have similar capabilities but that are not easily transportable, such as desktop computers, set-top boxes, or network appliances. The term “UE” can also refer to any hardware or software component that can terminate a communication session for a user. Also, the terms “user equipment,” “UE,” “user agent,” “UA,” “user device” and “user node” might be used synonymously herein.
Cryptography (e.g., encryption) is commonly used today to protect against data theft. For example, a UE may use encryption in order to protect data stored on the UE. However, even with encryption, data on a UE is still vulnerable if an attacker gains access to the UE. Specifically, if an attacker steals the UE or if the UE is left unattended for a short period of time, the UE is susceptible to what is commonly called a cold boot attack.
A cold boot attack is a type of physical attack in which an attacker with physical access to a UE is able to retrieve encryption keys from the UE and unscramble the data after using a cold reboot to restart the UE from a completely off or a full power down state. The cold boot attack exploits a little known property of a Random Access Memory (“RAM”): a RAM can retain its contents for several seconds to minutes after the UE loses power. If the RAM is cooled prior to terminating power, the RAM can retain its contents for even longer (e.g., hours). A cold boot operation cools the RAM in the UE and reboots the UE.
To execute one such cold boot attack, the UE is cold booted, a light-weight operating system is then immediately booted (e.g., from a USB flash drive), and the contents of the pre-booted RAM are dumped to a file. Alternatively, the RAM is moved from the UE and quickly placed in another UE under the attacker's control, which is then booted to access the RAM. Further analysis can then be performed against information that was retrieved from the RAM to find encryption keys contained within it. Once the keys are found, the attacker can decrypt the remaining data thereby giving the attacker access to sensitive data held in the RAM.